The Big-Picture View of Risk | North Carolina Benefit Advisors

BusinessWomanOnALedge.jpg

Many human resources and business leaders think about compliance in black-and-white terms. We simply check the boxes and evaluate compliance efforts using one measure: “Are we doing it right or not?”

It’s easy to fall into the trap of failing to see the broader implications of our compliance efforts. We need to go beyond, “What’s the law and what should I do about it?” We need to ask questions like, “How does this law intersect with our culture?” or “What best practices will support this requirement?”  We need to understand that risk crosses our desks every day.

That’s where people risk management comes in.

People Risk Management: What It Is

People risk management is simply the strategic and wholistic view of compliance. It’s really all about the end-to-end story; it’s how we deal with all the things that happen in the employee lifecycle in a way that minimizes risk while maximizing employee engagement.

It’s all about how we anticipate risk, reduce the likelihood of risk events, and deal with them when they do happen. The best companies proactively respond to risk in an ethical way that not just protects us from liability, but also builds trust and respect among the workforce.

People Risk Management: An Example

Let’s say a new sexual harassment law goes into effect in your state. This triggering event (the new law) is just part of the issue. You need to take a big-picture view of the entire situation. You’ll need to know what you should anticipate, what you need to do, and how to evaluate your efforts to make sure you’ve addressed every risk.

Because this law is related to how people behave, in addition to administrative requirements, it can be difficult to understand how to simultaneously address both the risk of harassment and the risk of failing to comply with each aspect of the law. You also need to incorporate your response to this issue into your company culture to demonstrate that you care about protecting not just the company, but also your employees.

When engagement and compliance issues intersect, and you do both well, you create a culture that says you deal with stuff in a clear way, but also you protect yourself from legal risks. It’s a double benefit.

This article originally appeared on ThinkHR.com.

5 Ways to Say Thank You | North Carolina Employee Benefits

Thank you megaphone.png

As we begin our new year of 2019, we have also closed 2018 with lots of celebrations, gift-giving, and family time. Showing appreciation for others during this generous season comes second nature for some but for others, it doesn’t.  You may be looking for ideas on how to express your gratitude effectively to those around you and so we’ve compiled a list of five unique ways to say “thank you” to someone.

WRITE IT OUT

Receiving a handwritten note is a rare occurrence in this day. Speaking or emailing a thank you is more common and does effectively communicate the gratitude of the sender. However, the spirit of gratefulness that is communicated by sitting down and taking pen to paper to express your thankfulness for the act or gift received, is a bonus to the note receiver. Take the extra time to write out that thank you.

PHONE A FRIEND

In a day and age of emails and texts and social media, we rarely get phone calls from people who aren’t asking for something—billing issues, appointment reminders, robo-calls.  Even if the person on the other end of the call doesn’t pick up, leave that voicemail telling them thank you for their thoughtfulness for the gift you received. Be specific and mention the gift by name and what it meant to receive it. That phone call may be the brightest part of their day!

SAY IT ON SOCIAL MEDIA

We spend more time scrolling through social media than we do having face-to-face contact with people. Instead of getting caught up in a heated debate on NextDoor, take a few minutes to write on a friend’s wall to tell them thank you. It’s refreshing to see gratitude on display instead of incivility. And it’s always nice to see your friends get noticed for kindness!

FLASH A SMILE

The look of surprise on someone’s face is sometimes the greatest thank you that you can receive! The age old saying of “your face says it all” is true. When you open that gift and you can tell that the giver spent time thinking of the perfect thing to give you, look up and give them the thank you of a smile!

PAY IT FORWARD

Were you bowled over by the thoughtfulness of a gift or act? A beautiful way to show your gratefulness is to pay it forward. Buy the coffee of the person behind you in line. Say three nice things to strangers on the way in to your office. Tell your child a character quality you see in them that is fabulous. While this act of gratitude may mean that the original giver never knows about the ripple effect of their gift, you will, and hopefully that ripple is carried on and on and on.

 

These acts of gratitude are simple, effective, and most of all, meaningful. We should all be more mindful of taking the time to say thank you!

Government Shutdown Update: E-Verify and E-Verify Services Unavailable

Capitol.jpg

On December 22, 2018 the U.S. Citizenship and Immigration Services (USCIS) and Department of Homeland Security (DHS) posted notice that due to the lapse in federal funding the E-Verify website will not be actively managed and will not be updated until funding resumes. Although some online resources will remain available for employers or employees to review, webinars, myE-Verify accounts, Form I-9 and E-Verify telephone support will not be available.

Understandably, employers may be concerned about how to proceed with hiring or maintaining their E-Verify account. Employers are encouraged to review the guidance on the E-Verify website outlining how to proceed with employment verification during the outage.

Several E-Verify policies have been implemented to assist employers during this time to minimize employer burden:

  • The “three-day rule” for creating E-Verify cases is suspended for cases affected by the unavailability of E-Verify.

  • The time period during which employees may resolve “tentative nonconfirmations” (TNCs) will be extended. The number of days E-Verify is not available will not count toward the days the employee has to begin the process of resolving their TNCs.

  • USCIS and DHS will provide additional guidance regarding “three-day rule” and time period to resolve TNCs deadlines once operations resume.

  • Employers may not take adverse action against an employee because the E-Verify case is in an interim case status, including while the employee’s case is in an extended interim case status due to the unavailability of E-Verify.

  • Federal contractors with the Federal Acquisition Regulation (FAR) E-Verify clause should contact their contracting officer to inquire about extending federal contractor deadlines.

Although the use of E-Verify and live support are not available, employers that are actively hiring should proceed with the use of I-9’s and verify employment eligibility as required. The E-Verify website states:

“The lapse in government appropriations does not affect Form I-9, Employment Eligibility Verification requirements. Employers must still complete Form I-9 no later than the third business day after an employee starts work for pay, and comply with all other Form I-9 requirements outlined in the Handbook for Employers (M-274) and on I-9 Central.”

This originally appeared on ThinkHR.com.

5 Ways to Update Your Employee Handbook by Year’s End

EmployeeHandbook.jpg

How long has it been since your organization updated its employee handbook? It’s time to brush off any layers of dust that have accumulated over the years and make it a priority to conduct a review prior to the year’s end. This article highlights five evolving areas employers can focus on now to start the quickly-approaching new year off on the right foot.

1. #MeToo

The #MeToo movement has shone a spotlight on equal employment opportunity, sexual harassment, gender discrimination, and retaliation in the workplace. Employers may want to carefully review their policies on these subjects, including their complaint and investigation procedures. Harassment policies can include prohibitions against harassment based on any legally protected category in addition to addressing sexual harassment. As a best practice many employers include in their policies clear, complaint procedures that allow for multiple reporting avenues and are available during all shifts. In fact, employers may have an affirmative defense to a harassment claim if an aggrieved employee unreasonably fails to take advantage of an employer’s complaint procedures and other corrective measures. Appropriate training and consistent disciplinary enforcement are also key.

2. The NLRB’s New Guidance on Handbook Rules

In the recent past, much has been made regarding the National Labor Relations Board (NLRB) exercising authority over employers’ social media policies and other handbook policies. Yet, things appear to be shifting to a more employer-friendly direction. On June 6, 2018, on the heels of the Boeing decision, the Board’s general counsel (GC) issued an advice memorandum on the new standard for analyzing whether a work rule violates employees’ rights.  

The GC’s memorandum analyzes common employer rules and provides guidance as to whether a complaint should be issued in terms of three categories of work rules: (1) those that are generally lawful, (2) those that require case-by-case evaluation, and (3) those that are unlawful. The memorandum emphasizes that the agency’s focus is now on whether a rule in question would actually be interpreted to cover protected concerted activity under Section 7 of the National Labor Relations Act. Specifically, the memorandum states that “ambiguities in rules are no longer interpreted against the drafter, and generalized provisions should not be interpreted as banning all activity that could conceivably be included.” Thus, the time is ripe for employers to reconsider their policies regarding civility, photography/recording, insubordination, disruptive behavior, confidentiality, disparagement, and conflicts of interest, among others.

3. Data Privacy

On March 28, 2018, Alabama followed the lead of 49 other states in requiring protection of sensitive consumer information and notice of data breaches, as well as imposing consequences for failing to comply with the law. Due to the prevalence of federal and state data privacy laws impacting the workplace, along with the implementation of the European Union’s new privacy law, the General Data Protection Regulation (GDPR), employers may want to scrutinize their existing privacy rules to ensure compliance.

4. Superfluous Language

Most employers have learned that including an at-will policy in an employee handbook reinforces the principle that employment may be terminated at any time for any lawful reason. Likewise, at-will policies can explicitly clarify that a handbook is not a contract and that employers may revise policies without prior notice.

Employers may also want to take caution to avoid potential promises made by superfluous language. Unnecessary purpose statements, rigid progressive discipline steps, and unrealistic commitments to provide training or a mutually enjoyable work environment can expose employers to liability. To prevent estoppel arguments, employers may want to ensure that they do not label personal or extended leave as falling under Family and Medical Leave Act (FMLA) when it does not.

5. Employee Acknowledgments and Training

Employee acknowledgements demonstrate evidence that employees have received a handbook. Employers can obtain these acknowledgments each time they update their handbooks. Employers can utilize acknowledgements to reiterate an at-will policy and to direct employees to raise any complaints or questions about the handbook or other personnel policies. An acknowledgment can also note that violations of any policy, whether or not identified in a handbook, can lead to discipline.  When employers significantly update their handbooks, they also might want to take the opportunity to train their managers and employees.

Employers will find that dedicating the time and resources to reviewing employment policies on an annual basis may be well worth the investment. 



This post originally appeared on Ogletree.com.

Ask the Experts: Flu and FMLA

WomanSneezing.jpg

Question: Is the common flu considered a serious health condition under the Family and Medical Leave Act (FMLA)?

Answer: Most cases of the common flu do not meet the definition of “serious health condition” and would not be eligible for Family and Medical Leave Act (FMLA) leave.

Some cases of the flu, however, are severe or result in complications, and these have the potential to meet the FMLA definition of “serious health condition.” This is defined as an illness, injury, impairment, or physical or mental condition that involves inpatient care or continuing treatment by a healthcare provider. Continuing treatment means:

  • The employee has been incapacitated for a period of more than three full days; and

  • Consults with a doctor two or more times within 30 days, or

  • Has one consult with a doctor and a regimen of continuing treatment.

If an employee is out sick with the flu for more than three days, consider whether the need for FMLA leave may exist. This doesn’t mean that you need to go through the whole FMLA process to determine eligibility for each flu absence; just that you shouldn’t automatically reject FMLA requests for the flu either.

Review each case based on the facts, keep the “serious health condition” definition in mind, and if the illness is severe, ask the employee to submit certification from a health care provider to support the their need for leave protection under the FMLA.

This post originally appeared on ThinkHR.com.

Easy Ways to Increase Workplace Wellness | North Carolina Employee Benefits

Office with dog.jpg

Picture this: You’re sitting at your desk at 3 pm and realize you haven’t gotten up from your chair for hours. You realize you’ve been snacking instead of eating a lunch. You have read the same sentence four times and still can’t figure out what it means. Your back hurts, your eyes feel dry, and you feel totally blah. You, my friend, are a victim of a sedentary lifestyle. How can we combat this lack of energy and inattentiveness in our workplace? By adopting healthy workplace initiatives, you will reap the benefits of a more engaged workforce and a healthier environment.  

What’s the problem?

  • The average worker sits 7.5 hours at a desk every day

  • Add in couch time, sitting to eat meals, commute, and sleeping, and it could mean that the average adult is only active for 3 hours in a 24-hour period

  • Prolonged sitting is directly related to higher risk of heart disease, weight gain, and diabetes

  • Poor posture can lead to chronic health issues such as arthritis and bursitis

  • Staring at computer screens for long amounts of time lead to higher instances of headaches and migraines

What’s the solution?

  • Healthy snack options in vending machines—SnackNation and Nature Box have healthy snack delivery services for offices of all kinds and sizes. 

  • Fitness challenges—Encourage different office-wide challenges to promote a more active lifestyle. 

  • Standing desks—Companies such as Varidesk make standing desks or sit/stand desks that lower and raise so that you vary your position during the day

    • Reduces back pain

    • Burns more calories during the day

    • Increases energy

    • Some insurance companies will cover all or portion of the cost if they deem it “medically necessary.”

  • Practice gratitude—keep a daily log of things to be thankful for that day

    • Shown to ease depression, curb appetite, and enhance sleep

    • Spirit of gratefulness leads to more sustainable happiness because it’s not based on immediate gratification, it’s more of a state of mind

  • Get moving during the day—if your office doesn’t have sit/stand desks, schedule time to move each day.

    • Stretch time/desk yoga

    • Computer programs to remind you to move such as “Move” for iOS and “Big Stretch Reminder” for Windows

  • Extra happiness in the office—

    • Add a plant

    • Aromatherapy

    • Host a cooking class to encourage healthy meal plans

    • Pet-friendly office days

 

By showing your employees that you care about their physical and mental health you are showing that you care about them as people and not just employees. This results in higher motivated staff who are healthier. The Harvard Business Review even says that “employers who invested in health and wellness initiatives saw $6 in healthcare savings for every $1 invested.” You cannot always measure ROI on personnel investment, but it looks like for workplace wellness, you can! Now get moving and get your office moving!

Celebrate the Season Safely | North Carolina Benefit Advisors

Broken-ornament.jpg

As the holiday season approaches, the economy is humming along, unemployment is low, and companies are enjoying the fruits of corporate tax breaks. Time to celebrate? Not so fast, according to the 2018 Holiday Party Survey by Challenger, Gray & Christmas. The survey found that just 65 percent of companies are holding holiday festivities this year, the lowest rate since the 2009 recession.

While in 2009, holiday parties were skipped for financial reasons, the 2018 causes are more complex. Andrew Challenger, VP of Challenger, Gray & Christmas, speculates that the two biggest factors are #MeToo and an increase in the number of remote employees.

If your company is among those celebrating the holiday season this year, what can you do to avoid liability from sexual harassment, alcohol consumption, and other categories of risk?

Risk: Harassment Allegations

  • Communicate behavior expectations to employees ahead of time. Consider using this language to set standards of conduct. You may even choose to redistribute your sexual harassment policy. Be sure to emphasize that all employee policies apply at the party, even if it is off-site or after work hours. Racial or sexual jokes, inappropriate gag gifts, gossiping about office relationships, and unwelcome touching will not be permitted during the holiday party, just as they are not allowed in the office.

  • Do not allow employees to get away with bad behavior. Remind your supervisors to set a good example and keep an eye out for employee behavior that needs managing at the event.

  • Follow up immediately on allegations of inappropriate behavior and conduct a thorough investigation of the facts, even if the alleged victim does not file a complaint and you only hear about the behavior through the grapevine. If corrective action is warranted, apply it promptly.

  • Invite significant others or families. Employee behavior tends to improve at company events when spouses or partners and children are present. If your budget allows, include the entire family in the celebration. Be sure to review your liability coverage with your broker first.

  • Avoid incidents related to relaxed inhibitions by following the tips for reducing alcohol-related risks (see below).

Risk: Alcohol-Related Incidents

  • Take steps to limit alcohol consumption. If alcohol will be served, provide plenty of food rich in carbohydrates and protein to slow the absorption of alcohol into the bloodstream. You can also have a cash bar, limit the number of drink tickets, or close the bar early to deter over-consumption. Also have a good selection of nonalcoholic beverages or a tasty signature “mocktail” available. Make sure water glasses are refilled frequently.

  • Get bartenders on board. If you have underage workers or invite children of employees, be sure that servers ask for ID from anyone who looks under age 30. Ask servers to cut off anyone who appears to be intoxicated.

  • Make sure employees get home safely. Offer incentives to employees who volunteer to be designated drivers, offer to pay for ride shares or taxis, or arrange group transportation or accommodations. Planning for safe transportation can potentially minimize your liability if an employee causes an accident while driving under the influence.

  • Do not serve alcohol if your party is at the office and your policies do not permit drinking on company premises or during work hours. Deter employees from an informal after-party at a bar or restaurant where the alcohol could flow.

Risk: Workers’ Compensation Claims

  • Keep the party voluntary and social. Typically, workers’ compensation does not apply if the injury is “incurred in the pursuit of an activity, the major purpose of which is social or recreational.” If the carrier determines that the company party was truly voluntary and not related to work, you may not be liable for injuries sustained at the party.

  • Go offsite. Hosting your holiday party at an offsite location is a smart idea. Your employees will be thankful for the change in setting, and this could reduce insurance liabilities for your company, especially when it comes to third-party alcohol and injury policies.

  • Check with your broker before the party. Review your insurance policies and party plans to make sure you do everything you can to avoid risk and know how to handle any incidents that result from the party.

Risk: Perceptions of Unfairness

  • Determine how to handle pay issues in advance of the party. You’re not required to pay employees who voluntarily attend a party after hours. However, nonexempt employees need to be compensated if they are working the party or if attendance is mandatory. If the party is held during regular work hours, then all employees must be paid for attending the party.

  • Decide in advance whether and how to include remote employees, independent contractors, temporary employees, or agency workers. Be consistent in sending invitations, and if a category of workers will not be invited to the party, consider other ways to reward them for their hard work throughout the year, such as gifts.

  • Do not penalize employees who choose not to attend. The message may be misinterpreted and could create employee relations concerns. Be considerate of those who do not attend the event due to religious beliefs, sobriety, mental health issues, family obligations, child care conflicts, or any other reasons. Avoid religious symbols or themes as they could offend individuals of different faiths.

Cybersecurity: Employees Are the First Line of Defense

Cybersecurity.jpg

Cybercriminals are becoming more focused on users of company networks as a weak link in the security infrastructure chain. Secure web gateways, anti-virus tools, malware scanners, spam quarantines, and other technologies help filter out malicious content and defend against a growing variety of threats, but technology alone cannot stop humans from clicking on the wrong links.

Gone are the days when cybersecurity was the sole responsibility of the corporate IT department. Cyber safety programs are a best human resources practice and should be included in new employee onboarding and ongoing training awareness programs. HR might even consider incentive plans for helping keep networks safe.

Why? Employees are vulnerable to malware through their use of company email, the web, social media, instant messaging, and other communication and network software. Employees must be able to spot the types of attacks that may compromise company networks and be ready to use best practices against data breaches and malware infiltration as part of the organization’s overall risk prevention program.

How Pervasive is the Threat?

According to Michael Osterman of Osterman Research, Inc., there is more than a one-in-four chance that a user will mistakenly click on a phishing email and infect a corporate network. Costs to affected companies are steep. A recent example is the city of Atlanta, where a single ransomware infection cost the city more than $2.6 million. Trend Micro predicts worldwide losses from business email compromise (BEC) attacks at more than $9 billion in 2018.

Osterman Research conducted a study of organizations that had been victims of security incidents between March 2017 and March 2018 and found:

  • 9% were victims of phishing attacks that successfully infected systems with malware.

  • 25% had targeted email attacks launched from a compromised account that infected a network endpoint with malware.

  • 25% had sensitive/confidential information accidentally leaked through email.

  • 1% suffered targeted email attacks launched from a compromised account that successfully stole a user’s account credentials.

  • 1% had files encrypted because of a successful ransomware attack.

  • 2% saw malware infiltrate internal systems without being able to pinpoint the source of attack.

  • 2% had one or more systems successfully infiltrated through a “drive-by” malware attack from employee web surfing.

  • 3% had a CEO fraud/BEC email attack that successfully tricked one or more employees in the organization.

  • 7% had sensitive/confidential information accidentally or maliciously leaked through a cloud-based file sharing tool like Dropbox.

  • 8% were victims of sensitive/confidential information accidentally or maliciously leaked through a social media or cloud application.

One reason we are seeing increased vulnerability to cyberattacks stems from a growing attack “surface,” or possible entry points for malware and other malicious attacks. Most employees use multiple company-provided hardware and software products that widen that attack surface. These represent ingress points for various types of threats and often are a more serious problem because their use is not as well controlled by IT, if they’re controlled at all.

Cyberthreats Aimed at Employees

What types of threats should your employees be trained to spot so that they think before they click? Here are the most common ones:

Phishing emails. These are relatively unfocused email messages designed to collect sensitive information, such as login credentials, credit card information, Social Security numbers, and other valuable data. Phishing emails pretend to come from trustworthy sources like banks, credit card companies, shippers, and other sources with which potential victims have established relationships. More sophisticated phishing attempts use corporate logos and other identifiers to fool potential victims into believing the emails are genuine.

Spearphishing emails. These are targeted phishing attacks typically focused on one company or affinity group (such as an industry organization), reflecting the fact that a cybercriminal has studied the target and crafted a message designed to have a high degree of believability and a potentially high open rate.

Consumer file sync and share tools. Productivity tools like Dropbox, Microsoft OneDrive, and Google Drive, which let users make files available on all desktop, laptop, and mobile platforms, generally are safe but can be targeted by sophisticated criminals as an entry point. For example, when an employee accesses corporate files on a home computer that doesn’t have current anti-virus software, the employee can inadvertently infect these files with malware. When files are synced back to the employee’s work computer, malware can infect the network because it may have bypassed corporate email, web gateway, and other defenses.

Watering holes. In these social engineering attacks, cybercriminals identify websites they would like to infiltrate and that employees might visit on a regular basis. They infect these sites with malware.

Malicious Internet advertising (malvertising). This is designed to distribute malware through advertising impressions on websites.

User errors. Users sometimes inadvertently install malware or compromised code on their computers. This can occur if they install ActiveX controls, download a codec, install various applications intended to address some perceived need (such as a capability that IT does not support), or respond to scareware attempts that prey on users who are trying to protect their platforms from viruses and other malware.

Mobile malware. The growing use of smartphones and tablets is increasingly being exploited by cybercriminals. Most infections impact Android devices.

Compromised search engine queries. Valid queries can be hijacked by cybercriminals to distribute malware when employees perform web searches. This type of attack relies on poisoning results, leading to the display of malware-laden sites during these searches. This is particularly effective for popular search terms, such as information on celebrities, airline crashes, natural disasters, and other “newsy” items.

Mobile copycat apps. Some mobile applications are distributed through vendor-based and third-party stores that offer varying levels of security. If the store lacks stringent standards, serious security risks like distribution of copycat apps and malware that can cause infections when downloaded can occur.

Botnets. These are the source of many successful hacking and phishing attacks against high-profile targets. A CenturyLink Threat Research Labs study for a 2018 threat report tracked an average of 195,000 threats per day from botnets impacting an average of 104 million unique targets, from large servers to handheld devices, that steal sensitive data and launch network attacks impacting businesses worldwide.

Ransomware. In this particularly malicious form of attack, a cybercriminal can encrypt all files on a hard disk and then demand ransom for access to a decryption key. Victims who choose not to pay the ransom quickly will have their files remain encrypted permanently. Cryptolocker, a common variant of ransomware, typically extorts a few hundred dollars per incident and normally is delivered through email with a PDF or .zip file disguised as a shipping invoice or some other business document.

Hacking. With this form of cyberattack, cybercriminals use many techniques to breach corporate defenses.

Think Before You Click

Train employees to become the first line of defense in the network security risk prevention infrastructure. First, remind them to physically protect devices by not leaving them unattended or in unsecure areas, including locked cars. Focus training on identifying the types of malware they may encounter and how to escalate attempts to the IT professionals for resolution. Use a catchy slogan, like “think before you click,” to create engagement and promote awareness.

Here are some simple training tips:

  • Be skeptical of any email, web page, or social media post that appears to be even remotely suspicious, makes an offer that is too good to be true, or contains strange information.

  • Ask questions. Michael Osterman recommends asking these questions when viewing emails:

    • Do you recognize the sender’s email address?

    • Do you recognize anyone else copied on the email?

    • Are others in the email seemingly from a random group of people or do their last names all begin with the same letter?

    • Is the domain in the email address spelled correctly or is it simply close to the actual URL (e.g., bankofamerica.com vs. bankofarnerica.com).

    • Would you normally receive an email from this individual or organization?

    • Does the subject line make sense?

    • Is the email a “response” to an email you never sent (e.g., does it begin with “re:”)?

    • Does the email contain an attachment that does not make sense in the context of the email or sender?

    • Does the attachment end in “.exe,” “.zip,” or some other possibly dangerous attachment type?

    • Did you receive an email at an unusual time, such as 3 a.m. on a Sunday?

    • Is the sender asking you to keep the contents of this email or requests within it a secret?

    • Does the email contain spelling or grammatical errors?

    • Is there even a hint of extortion in the email, such as a request to look at compromising or embarrassing photos of you or someone else?

  • Review quarantined messages carefully before bringing them out of quarantine. Most anti-spam solutions capture phishing emails correctly.

  • Don’t click on a link in an email or open an attachment until you are certain it is valid.

  • Never use USB flash drives from unknown sources.

  • Set strong passwords. Change passwords regularly.

  • Use password protection on every electronic and mobile device.

  • Intentionally use wrong information for security questions.

  • Keep security software up to date on personal devices.

  • For mobile devices:

    • Disable auto usernames and passwords. This reduces the risk of having personal data accessed if the device is lost or stolen.

    • Know how to wipe your data if your device is lost or stolen.

    • Be careful when using public Wi-Fi networks, especially with insecure networks that do not require a password.

    • Use safe stores for downloading mobile applications.

  • For social media:

    • Don’t overshare personal information on social media.

    • Turn off location services.

    • Be careful clicking on links, liking, and sharing them.

Cyber Risk Prevention is Everyone’s Job

Don’t put it off — take the time to implement or enhance security awareness training for employees, contractors, and others who interact with corporate systems and data sources. Create a stronger line of defense against increasingly sophisticated cyber threats now. Preventing even one employee from making an honest mistake and clicking on the wrong link could save the business from reputational and financial losses. Clients will appreciate having the information to protect their home computers and personal devices, too!

This article was originally posted on ThinkHR.com.

IRS Announces 2019 Retirement Plan Contribution Limits | North Carolina Employee Benefits

Retirement-coinjar.jpg

On November 1, 2018, the Internal Revenue Service (IRS) released Notice 2018-83announcing cost-of-living adjustments affecting dollar limits for pension plans and other retirement-related items for tax year 2019. Many pension plan limits will change next year because the increase in the cost-of-living index has met the statutory thresholds that trigger their adjustment. Other items, however, will remain the same. The following is a summary of the limits for 2019.

For 401(k), 403(b), and most 457 plans and the federal government’s Thrift Savings Plans:

  • The elective deferral (contribution) limit increases from $18,500 to $19,000 for 2019.

  • The catch-up contribution limit for employees aged 50 and over who participate in these plans remains at $6,000.

For individual retirement arrangements (IRAs):

  • The limit on annual contributions has not changed for many years. For 2019, however, it increases from $5,500 to $6,000.

  • The additional catch-up contribution limit for individuals aged 50 and over is not subject to an annual cost-of-living adjustment so it remains $1,000 for 2019.

For simplified employee pension (SEP) IRAs and individual/solo 401(k) plans:

  • Elective deferrals increase to $56,000 for 2019, based on an annual compensation limit of $280,000 (up from the 2018 amounts of $55,000 and $275,000).

  • The minimum compensation that may be required for participation in a SEP remains unchanged at $600 for 2019.

For savings incentive match plan for employees (SIMPLE) IRAs:

  • The contribution limit on SIMPLE IRA retirement accounts increases to $13,000 for 2019 (from $12,500 for 2018).

  • The SIMPLE catch-up limit remains unchanged at $3,000 for 2019.

For defined benefit plans:

  • The basic limitation on the annual benefits under a defined benefit plan is increased to $225,000 for 2019 (from $220,000 for 2018).

Other changes:

  • Highly-compensated and key employee thresholds:

    • The threshold for determining “highly compensated employees” increases to $125,000 for 2019 (from $120,000 for 2018).

    • The threshold for officers who are “key employees” in a top-heavy plan increases to $180,000 for 2019 (from $175,000 for 2018).

  • Social Security cost of living adjustment: In a separate announcement, the Social Security Administration stated that the taxable wage base will increase to $132,900 for 2019, an increase of $4,500 from the 2018 taxable wage base of $128,400. Thus, the maximum Social Security tax liability will increase for both employees and employers.

This article originally appeared on ThinkHR.com.

Are You Ready for Election Day? | North Carolina Benefit Advisors

Election Day is next Tuesday, November 6. Do you know what provisions, if any, you must make to accommodate your employees’ rights to vote? Time off for voting is not a federal requirement; however, 30 states have voting leave laws impacting the workplace.

These state laws vary significantly. Not all leave is required to be paid, and the amount of time varies. For some states it’s described as “reasonable time” necessary to vote, and in other states the law specifically states two, three, or even four hours to vote. Furthermore, some states, such as California and New York, require you to post notices of employees’ rights for time off to get to the polls.

Twelve of the 30 states also impose penalties for employers who prohibit employees from voting. For example, Colorado and New York employers could lose their corporate charter and Arizona, Missouri, and Kansas supervisors could face fines up to $2,500. While 20 states and the District of Columbia do not have voting leave laws in place, there are other provisions you should be aware of when it comes to your employees exercising their voting rights.

Even if your state doesn’t have a law in place requiring you to provide voting leave, that does not preclude you from having a company policy in place that provides voting leave. In addition to offering employees time on election day to vote, you could also remind employees about absentee or early voting options in your community.

Be ready for the midterm elections this November by knowing your time off rules and encourage your employees to exercise their civic duty to vote!

political-badge-collection-65DXCQJ.jpg

8 Tips for Handling Tough Employee Conversations | North Carolina Employee Benefits

We all get cold feet when it comes to addressing difficult issues with colleagues in the workplace. It’s stressful, and you just can’t help but think of all of the ways that a well-meaning conversation could go sideways. You worry about the longer-lasting effects of a damaged work relationship but know that you must correct problematic work performance or behaviors before they get out of control.

Uncomfortable conversations about personal behaviors and poor performance are tough, and putting them off just allows the problems to worsen. Use your knowledge of the situation and put together the right combination of management skills to tackle the talk now.

Imagine these all-too-familiar employee situations that you know you need to address but don’t think you have the wisdom (or can’t muster up the courage) to handle:

  • The “No Good Deed Goes Unpunished” situation. For the past several months, one of your team members has been underperforming, and it has dragged down your business unit’s productivity. The underperforming employee has shared that she has a number of family and financial issues and is trying her hardest to stay ocused on work because she needs this job and loves the company. She lives your company values and is well-liked by her co-workers. Everyone feels bad for her situation and has been picking up the slack, but they are growing resentful of the extra work with no end in sight. You’ve been trying to be kind by avoiding the issues as her performance has slid from bad to worse. It is now impacting your company’s overall performance and degrading the employee relations climate.

  • The “Bad Behavior, Great Performer” situation. One of your employees consistently exceeds his production goals at the expense of the company culture. He is highly critical of others, issues demands from other work teams without regard for their other priorities, and employees grudgingly drop everything to deliver on impossible deadlines because they believe that they cannot push back. It’s all about him and his performance. He is regularly recognized by the company leadership for being the top producer, and employee complaints to management about his behavior have not been addressed. While production goals are good, your company culture is sinking and you’re starting to see increased absenteeism and turnover among your staff.

Don’t Overlook the Signals

In addition to employee resentment and lost productivity, there’s a bottom-line impact for not tackling these tough talks at the right time and in the right manner. The key is to pay attention to the signals and not feed the problem with neglect.

In the first scenario, trying to be a kind and sensitive boss worked in the beginning but is now backfiring. At first the team worked together to help their struggling colleague, but without a plan to fix the problem in the longer term, it created three serious issues for you to fix: employee morale, lack of confidence in your leadership for missing the signals of “team fatigue,” and not having a plan to keep the team on track — all resulting in lost productivity.

The best thing you can do in situations like these is to work with the struggling employee to develop a plan that puts her back on track or helps her consider alternatives if necessary. This type of conversation requires sensitivity along with some firmness because you need to steer the conversation from the personal issues back to actionable work deliverables.

In my experience dealing with circumstances like the second scenario, typically management allows the top performer’s behavior to go unchecked for fear that if the employee is corrected his performance will suffer or he will quit the company. While there may be an element of truth to those concerns if the individual is unwilling to accept constructive feedback, the bigger fear should be for the company’s culture, employee erosion of trust and confidence in the leadership team, and the motivation, performance, and retention of the other company employees if the behavior is not changed.

Often the top performer continues to use the same work patterns that have been successful and isn’t even aware of the impact on others. Addressing the issues sensitively so that he can make personal changes has the potential to create even higher levels of team unity and performance.

What Signals are You Looking For?

For starters, watch your team’s interactions with each other, be sure that each team member understands their key performance objectives, and take the time to “check in” regularly and solicit feedback about the job, work team, and overall company with each employee.

Having direct conversations on a regular basis helps you nip problems in the bud and shows your employees that you care about their concerns. You also learn each other’s communication patterns so that when it comes time to have that awkward or difficult conversation, you both are less uncomfortable.

Groups where team members work remotely increase the chances that signals can be missed. When telecommuting is coupled with the use of instant messaging and other forms of communications in place of direct face-to-face or voice communications, the sender’s well-intentioned messages may get lost in translation. Be sure to follow up any electronic communications with a direct phone call or meeting.

Eight Tips for Tackling These Conversations

Strategies to manage conflicts with subordinates are not fully taught in business classes. More common are courses addressing project conflicts, where the focus is on fixing the “what” of the problem, such as resetting priorities, changing business plans, or repairing broken systems or processes. There are fewer tools focusing on how teams communicate and repairing broken business relationships. Preparation and planning are critical to get what you need from these hard conversations while keeping your relationship with the employee intact.

  1. Focus your own viewpoint first. If you start out thinking the conversation will be really hard, you’re going to be more anxious. Chances are the conversation will be harder. Instead, position this discussion as a means to enhance your relationship while helping your employee develop better skills, understand company priorities better, or work more positively on the team. Think about how you can deliver the difficult talking points with honesty, courage and fairness.

  2. Recognize the emotions you will be feeling. Are you disappointed in this employee? Angry about the problems they’ve caused? Scared that your conversation will damage your work relationship? Put your negative feelings aside and consider how you will frame the problem you need to discuss and how your employee may feel. Try to come at the discussion with consideration and compassion for their feelings and frame the conversation with a desire for the employee’s success. “John, we need to have a hard conversation today, and I’m feeling anxious because I want you to win. Please know that I am invested in your success and will work with you to make that happen.”

  3. Be intentional in planning the conversation, but don’t script it out so that your delivery sounds mechanical. Some business consultants suggest drafting a script and considering alternatives based on the employee’s reactions. In my experience, these conversations never go completely according to plan, and scripted conversations feel artificial. Instead, write down key points and plan as if you are just having a simple conversation with a colleague. Be prepared to provide specifics and pace your conversation so that you take time to gauge your employee’s reactions to your comments. Your employee may react defensively if you provide vague statements. Instead of saying, “Sue, people in the company are telling me that you are difficult to work with and have a bad attitude,” frame the issue with examples, such as, “Sue, I am concerned because I’ve noticed in the last four team meetings you arrived late and weren’t prepared with project updates. As a result, both Joe and Sam missed their deliverables, and you didn’t let any of us know in advance that the timeline was slipping.”

  4. Recognize that you own part of the problem, too. Your goal is to have a conversation between adults where each owns some responsibility for the issue and solving the problem. This takes the conversation from finding fault to finding solutions. “Rob, I realize now that you have too many priorities and I didn’t provide you with the resources to deliver on the project. I also realize that I avoided addressing the problem at the beginning of the project and let it go too long without discussing it with you.”

  5. Outline what you want changed. Don’t just discuss the problem; describe the end result you envision. Discuss realistic and achievable outcomes and be willing to offer resources and assistance as appropriate.

  6. Ask the employee for his or her viewpoints. The last thing you want is a one-sided conversation. Slow the pace of the conversation, observe the employee’s reactions to your comments, and ask for feedback and suggestions for solving the problem. You may learn new information about what may have caused the problem, and the employee could offer even better solutions than you thought possible. Throughout the conversation, look for areas of consensus and acknowledge the employee’s feelings and concerns. That shows respect.

  7. End the conversation on a positive note with an action plan. Thank the employee for working with you through the difficult discussion. Acknowledge that it was a tough conversation and express appreciation for the employee’s professionalism as you both work towards a better outcome. Develop a going-forward action plan to solve the problem. “Tom, this was a hard talk, and I know it wasn’t easy for you. You provided some good ideas for fixing the issue, and I appreciate your professionalism. You can do this, and I am here to help you win.”

  8. Close the loop and follow up. Give the employee a little time to reflect on the discussion, but no more than a day or two. Follow up and ask the employee if they would like to have another discussion to cover any additional information or clarification. Put the agreed-upon action plan in writing, schedule regular status meetings, and recognize progress and improved performance. Taking these steps demonstrates your respect for the employee and desire for them to succeed.

Keep the Conversation Going

Great managers keep the conversation going to ensure team members are aligned and supporting each other to create a healthy corporate culture and successful company. When problems arise, they have the tough conversations to get things back on track. Handling these discussions well takes courage as well as empathetic listening and communications skills. Pay attention to the signals, develop your communications plan, and you’ll be more confident in tackling your next tough employee communications challenge.

Originally published by www.thinkhr.com

Tough Employee Conversations.jpg

Ask the Experts: Mandatory Flu Shots | North Carolina Benefit Advisors

While there is no law that prohibits employers from mandating flu shots, you should carefully determine if the benefits to your business outweigh the risks. Read the article to determine the best course of action, from incentives to suggestions about policy wording.

Look Backward to Plan Forward | North Carolina Employee Benefits

We have entered Open Enrollment season and that means you and everyone in your office are probably reading through enrollment guides and trying to decipher it all. As you begin your research into which plan to choose or even how much to contribute to your Health Savings Account (HSA), consider evaluating how you used your health plan last year. Looking backward can actually help you plan forward and make the most of your health care dollars for the coming year.

Forbes magazine gives the advice, “Think of Open Enrollment as your time to revisit your benefits to make sure you are taking full advantage of them.” First, look at how often you used health care services this year. Did you go to the doctor a lot? Did you begin a new prescription drug regimen? What procedures did you have done and what are their likelihood of needing to be done again this year? As you evaluate how you used your dollars last year, you can predict how your dollars may be spent next year and choose a plan that accommodates your spending.

Second, don’t assume your insurance coverage will be the same year after year. Your company may change providers or even what services they will cover with the same provider. You may also have better coverage on services and procedures that were previously not eligible for you. If you have choices on which plan to enroll in, make sure you are comparing each plan’s costs for premiums, deductibles, copays, and coinsurance for next year. Don’t make the mistake of choosing a plan based on how it was written in years prior.

Third, make sure you are taking full advantage of your company’s services. For instance, their preventative health benefits. Do they offer discounted gym memberships? What about weight-loss counseling services or surgery? How frequently can you visit the dentist for cleanings or the optometrist? Make sure you know what is covered and that you are using the services provided for you. Check to see if your company gives discounts on health insurance premiums for completing health surveys or wellness programs—even for wearing fitness trackers! Don’t leave money on the table by not being educated on what is offer

Finally, look at your company’s policy choices for life insurance. Taking out a personal life insurance policy can be very costly but ones offered through your office are much more reasonable. Why? You reap the cost benefit of being a part of a group life policy. Again, look at how your family is expected to change this year—are you getting married or having a baby, or even going through a divorce? Consider changing your life insurance coverage to account for these life changes. Forbes says that “people entering or exiting your life is typically a good indicator that you may want to revisit your existing benefits.”

As you make choices for yourself and/or your family this Open Enrollment season, be sure to look at ALL the options available to you. Do your research. Take the time to understand your options—your HR department may even have a tool available to help you estimate the best health care plan for you and your dependents. And remember, looking backward on your past habits and expenses can be an important tool to help you plan forward for next year.

Keyboard.jpg

Gupton on the Role of an Employee Benefits Broker in the Opioid Crisis

Gupton’s work on the opioid crisis continues to get attention. October 9th, Employee Benefit Advisor Magazine published an article on Gupton’s motivators, statistics, current pushes, and ideas on how an employee benefit consultant can impact the opioid crisis.

Ask the Experts: Distributing ERISA Notices Electronically | North Carolina Employee Benefits

Question: Our company is getting ready for open enrollment. Can we distribute ERISA notices electronically instead of printing and delivering hard copies?

Answer: Yes, electronic delivery complies with ERISA’s disclosure rules – but certain conditions must be met.

First, whether delivered in hard copy or electronic media, ERISA requires preparing and furnishing materials “in a manner consistent with applicable style, format, and content requirements.” It is a good idea to test electronic documents to make sure the formatting and style are correct.

Secondly, materials must be furnished using “measures reasonably calculated to ensure actual receipt.” For instance, if using a traditional delivery method, such as first-class mail, be sure to follow up on any undelivered/returned mail.

For electronic delivery, the compliance rules work differently depending on whether the recipients have regular access to the employer’s electronic information system:

  • Regular access means the recipients use the system, such as the employer’s email system or intranet, as an integral part of their regular job duties. This may include employees who work from home or who are traveling. However, simply having access to a kiosk in a workplace common area does not qualify as having regular access.

  • Without regular access means all other recipients. This may include employees on leave as well as non-employees such as COBRA participants, retirees, and alternate payees. For this group, electronic delivery does not comply with ERISA unless the recipient first affirmatively consents to receive the material electronically, provides an electronic address, and reasonably demonstrates their ability to access the material in electronic form. Since the process to secure consent is fairly cumbersome, most employers choose to distribute materials to this group using traditional hard-copy methods instead of electronic delivery.

Both groups of recipients must be notified of their rights to receive paper copies of the documents (at no charge), and reasonable and appropriate steps must be taken to safeguard confidentiality of personal information related to benefits. A best practice is for employers to ensure return-receipt or notice of undelivered mail features are enabled. Employers may conduct periodic reviews or surveys to confirm receipt as well.

Just emailing documents or posting them on the company’s intranet or benefit administration portal is not enough. Each time an electronic document is furnished, a notice (electronic or paper) must be provided to each recipient describing the significance of the document.

Originally published by www.thinkhr.com

Think HR electronic-disclosure-1.jpg

Medicare Part D Notices Due Oct. 15 | North Carolina Benefit Advisors

Are you an employer that offers or provides group health coverage to your workers? Does your health plan cover outpatient prescription drugs — either as a medical claim or through a card system? If so, be sure to distribute your plan’s Medicare Part D notice before October 15.

Purpose

Medicare began offering “Part D” plans — optional prescription drug benefit plans sold by private insurance companies and HMOs — to Medicare beneficiaries many years ago. People may enroll in a Part D plan when they first become eligible for Medicare.

If they wait too long, a late enrollment penalty amount is permanently added to the Part D plan premium cost when they do enroll. There is an exception, though, for individuals who are covered under an employer’s group health plan that provides creditable coverage. (“Creditable” means that the group plan’s drug benefits are actuarially equivalent or better than the benefits required in a Part D plan.) In that case, the individual can delay enrolling for a Part D plan while he or she remains covered under the employer’s creditable plan. Medicare will waive the late enrollment premium penalty for individuals who enroll in a Part D plan after their initial eligibility date if they were covered by an employer’s creditable plan. To avoid the late enrollment penalty, there cannot be a gap longer than 62 days between the creditable group plan and the Part D plan.

To help Medicare-eligible plan participants make informed decisions about whether and when to enroll in a Part D drug plan, they need to know if their employer’s group health plan provides creditable or noncreditable prescription drug coverage. That is the purpose of the federal requirement for employers to provide an annual notice (Employer’s Medicare Part D Notice) to all Medicare-eligible employees and spouses.

Employer Requirements

Federal law requires all employers that offer group health coverage including any outpatient prescription drug benefits to provide an annual notice to plan participants.

The notice requirement applies regardless of the employer’s size or whether the group plan is insured or self-funded:

  • Determine whether your group health plan’s prescription drug coverage is creditable or noncreditable for the upcoming year (2019). If your plan is insured, the carrier/HMO will confirm creditable or noncreditable status. Keep a copy of the written confirmation for your records. For self-funded plans, the plan actuary will determine the plan’s status using guidance provided by the Centers for Medicare and Medicaid Services (CMS).

  • Distribute a Notice of Creditable Coverage or a Notice of Noncreditable Coverage, as applicable, to all group health plan participants who are or may become eligible for Medicare in the next year. “Participants” include covered employees and retirees (and spouses) and COBRA enrollees. Employers often do not know whether a particular participant may be eligible for Medicare due to age or disability. For convenience, many employers decide to distribute their notice to all participants regardless of Medicare status.

  • Notices must be distributed at least annually before October 15. Medicare holds its Part D enrollment period each year from October 15 to December 7, which is why it is important for group health plan participants to receive their employer’s notice before October 15.

  • Notices also may be required after October 15 for new enrollees and/or if the plan’s creditable versus noncreditable status changes.

Preparing the Notice(s)

Model notices are available on the CMS website. Start with the model notice and then fill in the blanks and variable items as needed for each group health plan. There are two versions: Notice of Creditable Coverage or Notice of Noncreditable Coverage and each is available in English and Spanish:

Employers who offer multiple group health plan options, such as PPOs, HDHPs, and HMOs, may use one notice if all options are creditable (or all are noncreditable). In this case, it is advisable to list the names of the various plan options so it is clear for the reader. Conversely, employers that offer a creditable plan and a noncreditable plan, such as a creditable HMO and a noncreditable HDHP, will need to prepare separate notices for the different plan participants.

Distributing the Notice(s)

You may distribute the notice by first-class mail to the employee’s home or work address. A separate notice for the employee’s spouse or family members is not required unless the employer has information that they live at different addresses.

The notice is intended to be a stand-alone document. It may be distributed at the same time as other plan materials, but it should be a separate document. If the notice is incorporated with other material (such as stapled items or in a booklet format), the notice must appear in 14-point font, be bolded, offset, or boxed, and placed on the first page. Alternatively, in this case, you can put a reference (in 14-point font, either bolded, offset, or boxed) on the first page telling the reader where to find the notice within the material. Here is suggested text from the CMS for the first page:

“If you (and/or your dependents) have Medicare or will become eligible for Medicare in the next 12 months, a federal law gives you more choices about your prescription drug coverage. Please see page XX for more details.”

Email distribution is allowed but only for employees who have regular access to email as an integral part of their job duties. Employees also must have access to a printer, be notified that a hard copy of the notice is available at no cost upon request, and be informed that they are responsible for sharing the notice with any Medicare-eligible family members who are enrolled in the employer’s group plan.

CMS Disclosure Requirement

Separate from the participant notice requirement, employers also must disclose to the CMS whether their group health plan provides creditable or noncreditable coverage. The plan sponsor (employer) must submit its annual disclosure to CMS within 60 days of the start of the plan year. For instance, for calendar-year group health plans, the employer must comply with this disclosure requirement by March 1.

Disclosure to CMS also is required within 30 days of termination of the prescription drug coverage or within 30 days of a change in the plan’s status as creditable coverage or noncreditable coverage.

The CMS online tool is the only method allowed for completing the required disclosure. From this link, follow the prompts to respond to a series of questions regarding the plan. The link is the same regardless of whether the employer’s plan provides creditable or noncreditable coverage. The entire process usually takes only 5 or 10 minutes to complete.

Originally published by www.thinkhr.com

Return-to-work-1-694x240.jpg

Ask the Experts: FSA Limits | North Carolina Employee Benefits

Question: Our company offers flexible spending accounts (FSAs) for health care and dependent daycare. Our plan limits are the maximum amounts allowed by federal law. Will the IRS increase the limits for 2019? We hold open enrollment in November for employees to make their FSA elections for the following year.

Answer: The maximum annual limits for Dependent Care FSAs and Health Care FSAs are set forth under § 129 and § 125, respectively, of the Internal Revenue Code.

The § 129 (Dependent Care) limits do not change from year to year. They are currently $5,000, or $2,500 if married and filing separately, and they apply on a calendar-year basis. To change them would require a change in law, which is unlikely in the current Congress.

On the other hand, the maximum limit for elective contributions to a Health Care FSA (HFSA) may change from year to year depending on inflation. The limit applies on a plan-year basis and the HFSA limit for a 12-month plan year beginning in 2018 is $2,650. The limit is one of over 50 different tax provisions that is subject to annual cost-of-living or inflation adjustments. Each fall, the IRS announces any changes for the following year. The announcement usually is released in mid-October, which should give employers time to prepare 2019 enrollment materials.

Based on estimated inflation, it appears the HFSA limit will increase from $2,650 for plan years beginning in 2018 to $2,700 for plan years beginning in 2019. The increase will not be official, however, until the IRS announcement is released.

Originally published by www.thinkhr.com

FSA-FMLA-1-694x240.jpg

Look Backward to Plan Forward | North Carolina Employee Benefits

We have entered Open Enrollment season and that means you and everyone in your office are probably reading through enrollment guides and trying to decipher it all. As you begin your research into which plan to choose or even how much to contribute to your Health Savings Account (HSA), consider evaluating how you used your health plan last year. Looking backward can actually help you plan forward and make the most of your health care dollars for the coming year.

Check out these four things to look at as you go into Open Enrollment season!

Looking Backward to Plan Forward.png